What You Need to Know Now about Managing Governance, Risk & Compliance

2,210 views

Proformative presents What You Need to Know Now about Managing Governance, Risk & Compliance. Special thanks to Alec Arons, Partner, Tatum.

To download full presentation, visit http://bit.ly/ci0RJs

Published in: Business, Economy & Finance
THE RESOURCE FOR CORPORATE FINANCE, ACCOUNTING AND TREASURY PROFESSIONALS

Event Sponsors

What You Need to Know Now About Managing Governance, Risk & Compliance (GRC)

GRC: What You Need in Your Toolbox for Success
Alec Arons, Partner, Tatum

Agenda
• Background: Unprecedented Market Conditions Demand New Risk Approach
• Critical Considerations: A New Risk Management Paradigm for Directors and Management
• Critical Question: Does The Organization Have The Appropriate Structure and Processes for Managing Risk
• Governance, Risk and Compliance (GRC) Framework
• Communicating Results

Understanding Risk
Managing risk is critical to achieving organizational success (Risk vs. Reward)

Unprecedented Market Conditions Demand New Risk Approach
• Financial Crisis and Recovery
• SEC Disclosure Rules
• Rating Agency Scrutiny
• Financial Reform
Growing Expectations for Board Members and Management
• Board
  – Exercise greater oversight over risk management.
  – Understand the key risks and connect the dots related to achieving business strategy and compensation programs.
  – Evaluate mitigation strategies and processes in place to address critical risk.
  – Assess the performance of management.
  – Engage management in an open dialogue around risk and share insights.
• Management
  – Promote a strong risk management culture.
  – Own risk identification and mitigation.
  – Clear understanding of risk appetite across the organization.
  – Effective processes for identifying, assessing and monitoring risks.
  – Communicate effectively with the board and gain insights as appropriate.

Recognition That Work Needs to be Done
• Research conducted by the AICPA and the ERM Initiative at North Carolina State indicates:
  – 63% believe the volume and complexity of risks increased extensively in the last 5 years
  – Over one-third were caught “off-guard” by an operational surprise in the last 5 years
  – 75% of respondents are not reporting top risks to the board
  – 48% are unsatisfied with the nature and extent of their risk management processes
Source: 2010 Report on the Current State of Enterprise Risk Assessment, 2nd edition, published by NC State University College of Management and the AICPA

The Current Landscape
• Post-SOX there has been an increased focus on internal controls over financial reporting.
• Some organizations have implemented ERM or GRC programs.
• Others are relying on a silo approach, not working in an integrated way.
• Management is now providing all types of risk-related information to the board.
• The challenge many companies are weighing is the balance between value and cost.
• The opportunity is to engage with the board to get their input on the process.
• What information does the board need, and in what form, to perform risk oversight?
• How can we as management provide the information in a cost-effective and meaningful way?
• Leading practice suggests implementing a process that links risks to business strategy.
• Focus on the 10-15 risks that matter most.

A New Risk Management Paradigm for Directors and Management
• Board members recognize that they need to have a deeper and broader understanding of how risks impact overall performance and financial results.
• Management is under increased pressure to demonstrate they have robust processes and programs in place to address risks.
• The current situation demands that companies have a well-articulated framework that captures all of the critical activities in place to address risks.
• There is an expectation that companies demonstrate that they have created an effective risk management culture and that risk management activities operate in an integrated manner.
Does The Organization Have The Appropriate Structure and Processes for Managing Risk
Key considerations in preparing for the new proxy disclosures, legislation and rating agency review:
• Have we clearly defined individual responsibilities amongst the board of directors, senior management and operational leaders in evaluating and monitoring risks?
• Have we identified and considered relevant business risks in developing, reviewing and approving our strategy?
• Have we clearly defined and articulated our appetite for risk across the organization, and do our people understand and demonstrate a commitment to our risk culture?
• How effective are our processes, policies and guidelines for assessing, managing, testing and addressing risks?
• Are we confident that we have appropriate tools for monitoring risk and evaluating compliance?
• Are we satisfied that the sensitivity and effectiveness of our programs will provide early warning of events that could adversely impact achieving stated business objectives?
Underlying question: How do we integrate our activities into a framework that is scalable, sustainable and cost effective to our organization?

Elements of an Effective GRC Framework
• Governance Structure that establishes clear levels of accountability for the board of directors, senior management and key individuals responsible for assessing, managing and monitoring risk
• Risk Assessment framework is understood and managed by the business
• Sustainable Process that is updated at a minimum annually as part of the annual business planning process
• Compliance: optimizes investments to date in Compliance programs and activities

Elements of an Effective Risk Assessment Process
• Clearly defined risk appetite communicated to the board and well understood throughout the organization.
• High priority placed on identifying those key risks linked to achieving business strategy and performance objectives.
• Encourage an active dialog across the organization to promote understanding and facilitate the identification of emerging risks.
• Establish clear accountability for managing risk.
• Well understood metrics to assess the likelihood and impact of risks.
• Ongoing evaluation of systems of internal controls over business processes.
• Mechanism to monitor the effectiveness and sensitivity of risk management and compliance programs.
• Clearly defined reporting metrics and processes with the board.

Leveraging Risk Assessment to Improve Communication
• Engage in a review and discussion of business risks.
• Systematic process to communicate and educate key people at all levels as to critical risks and overall risk appetite.
• Opportunity to connect the dots and break down silos.
• Identify areas for improvement.
• Establish clear accountability for managing risk.
• Set clear expectations between management and the board on risk metrics and reporting.
• Assess reporting and governance structure.
• Focus on the key 5 – 10 risks linked to business strategy.
• Develop a framework for sharing information that meets the needs of all parties.

Linking GRC to Value Creation
A framework aligned with the strategy for creating shareholder value (Governance, Risk Assessment and Compliance supporting Value Creation):
• Add Value: Support activities relating to value creation by identifying and mitigating Strategic Risks relating to the achievement of the business goals.
• Sustain Value: Ensure that the governance framework, organizational structure, risk management activities, and policies and procedures in place are effective in creating a well understood Risk Management Culture.
• Minimize Value Erosion: Perform risk management activities in an efficient and cost effective manner so as not to create a competitive disadvantage.
Thank You

SEC Enforcement Trends
Lou Mejia, Partner, DLA Piper

Financial Crisis
• Timely And Accurate Disclosure?
  – Business Deals
  – Business Conditions
  – Increased Risks
  – Asset Values
• Gatekeeper Risk

SEC Cases to Watch
• Goldman Sachs – CDO
• Rorech – CDS
• Morgan Keegan – MBS

FCPA Developments
• Aggressive DOJ & SEC
• New Investigative Techniques
• Larger Sanctions
• More Individuals
• High Level Of Risk

Insider Trading
• Why The SEC Loves Insider Trading
• Market Trends & Risks
  – M&A Activity
  – Hedge Funds
• New Investigative Tools
• Links v. Sphinx

New Specialized Units
• Asset Management
  – Hedge Funds, Investment Advisers
  – Valuation, Performance, Due Diligence
• Market Abuse Unit
• Structured & New Products
• Municipal Securities & Public Pension
• FCPA

Setting The Table
• Faster Subpoenas
• Downstream Autonomy
• Taking Away The 4 Corner
• Clearing Inventory
• Strategic Resource Allocation
• New Cooperation Program

Possible Barriers To Action
• Judicial Scrutiny
  – Theories
  – Relief
• Culture
• SEC v. SDNY
• Resources

Protecting The Organization
• Can You Back Up Your Compliance Defense?
• Common Characteristics Of Charged Companies
• FCPA Risk Profile
• The Informal Trumps The Formal
• Watch Your Whistle

Thank You

Putting the Pieces Together as an Enterprise/Finance Leader
Glenn Robertson, CFO, Havas Digital
Interesting Career Timing…
• IAC start date: Sept 11, 2001… 11am
• Revised IAC start date: Sept 17, 2001
• Enron bankruptcy: December 2001
• WorldCom bankruptcy: July 2002
• Sarbanes-Oxley Act: July 2002
• Head of IAC IA Sept 2001 – Nov 2006:
  – USA Networks/USA Interactive/InterActiveCorp
  – Three changes in CFO
  – Three changes in Audit Committee

Varied SBU Risk and Control Profiles/Maturity:
• Home Shopping Network
• Ticketmaster
• Expedia
• Entertainment Publications
• Precision Response Corporation
• Lending Tree
• Match.com
• Ask.com
• Tripadvisor.com
• Hotels.com
• Hotwire.com
• Citysearch.com
• Evite.com

IAC Implementation of the Framework: Elements of an Effective GRC Framework:
• Governance Structure that establishes clear levels of accountability for the board of directors, senior management and key individuals responsible for assessing, managing and monitoring risk
• Risk Assessment framework is understood and managed by the business
• Sustainable Process that is updated at a minimum annually as part of the annual business planning process
• Compliance: optimizes investments to date in Compliance programs and activities

Governance Structure: IAC
Organization chart: BOD, Audit Committee, CEO, COO, CFO, Internal Audit, SBUs, Controller
IAC Implementation of the Framework: Elements of an Effective GRC Framework:
IAC Implements COSO’s ERM Framework:
Enterprise Risk Management Defined:
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.

IAC Implements COSO’s ERM Framework:

IAC IA Blurs the Lines Suggested by the IIA:
IIA Guidance:
• Play an important role in monitoring ERM, but do NOT have primary responsibility for its implementation or maintenance.
IAC IA Approach:
• Assist management and the BOD/Audit Committee in the process by:
  – Monitoring
  – Evaluating
  – Examining
  – Reporting
  – Recommending improvements
IAC Implementation of the Framework: Elements of an Effective GRC Framework:
IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from 4Q2005 Meeting:
• Prepare Integrated 2006 IA Plan
  – Conduct annual planning meeting with Businesses in November/December 2005 to determine risks and integrated (NonSOX/SOX) IA focus in 2006
• Develop 2006 testing schedule by January 2006
  – IAC Internal Audit resources
  – Internal Business resources
  – PwC resources
• Present & obtain approval of IA and SOX Plans from IAC Audit Committee – February 22, 2006

IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from 4Q2005 Meeting:
• Underlying premise to achievement of business objectives is the identification and analysis of risks
• There are 3 main risk groups under ERM:
  – Environmental: industry, regulation, legal, etc.
  – Process: Operations, Empowerment, IT, Integrity, Financial
  – Information for Decision-Making: Operational, Financial, Strategic

IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from 4Q2005 Meeting:
• Using ERM, IA has created a tool to help the B's evaluate risks: Business Unit Risk Evaluation Tool (RET)
• Each business is responsible for reviewing the risks identified (initially by IA), modifying the RET and concluding on the OIBA impact and probability

IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from 4Q2005 Meeting:
• Discuss and Finalize the 2006 Business Unit Risk Evaluation Tool (RET)
  – Review Risks and Risk Responses (compiled by IA)
  – Modify Risks and Risk Responses (B's)
  – Rate Annual OIBA Impact (B's)
  – Rate Probability (B's)
  – Determine whether risks on RET warrant “IA Focus Area”, i.e., IAC internal audit projects for 2006
  – Determine overlap and integration with SOX scoping (see next page)

IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from Feb 22, 2006 Meeting:
• Issued 108 SOX Testing Reports (STRs)
  – Tested 1,387 key controls
• Completed 6 'NonSOX' audits
  – 2 Risk-Based, 4 Surprise
  – 21 Planned (17 Risk-Based, 4 Surprise)
  – SOX efforts again delayed a broader focus
• SOX 'Year 2' Efficiencies:
  – Eliminated 2,500 hours and $300K in outside temp fees
• RFP'd, Selected and Implemented new SOX Software

IAC IA Annual Approach under COSO ERM:
Actual BOD/AC slide from Feb 22, 2006 Meeting:
• Using elements of COSO’s ERM Framework, performed risk assessment at each OB; held co-development meetings with divisional senior management to assess risk areas considering:
  – Final Strategic Plan
  – Business profile, product changes
  – Growth strategy, mergers, acquisitions
  – Technology environment, financial systems, IT changes
  – Organizational and personnel changes
  – Impact on SOX scope
• Risk assessment yielded areas of IA focus for 2006:
  – Control Activity Testing for SOX
  – 'NonSOX' audits addressing Operations and IT risk areas

Thank You!